as well as make the correction
for passing the complete kernel file to Xen.
Signed-off-by: Eric DeVolder
---
configure.ac| 8
kexec/arch/x86_64/kexec-bzImage64.c | 18 ++
kexec/kexec-xen.c | 7 +++
kex
This change adds to Xen the kexec_file_load() entry point. The
kexec_file_load() is nearly identical to kexec_load(), but with the
added code to handle checking and handling of PECOFF Authenticode
signature verification.
Signed-off-by: Eric DeVolder
---
xen/common/kexec.c | 131
This change adds a new entry point in libxenctrl for the
kexec_file_load() operation. The code for kexec_file_load() is nearly
identical to kexec_load() other than the use of hypercall op
KEXEC_CMD_kexec_file_load rather than KEXEC_CMD_kexec_load.
Signed-off-by: Eric DeVolder
---
tools/libxc
This patch creates a new file that is in turn a patch that contains a
small number of changes needed in order to soldier through the
compilation of all the OpenSSL sources within Xen.
This patch is applied to OpenSSL in xen.spec.
Signed-off-by: Eric DeVolder
---
openssl-1.1.0i.patch | 378
perform signature verification. This file essentially contains the
two files
https://github.com/vathpela/verify/Cryptlib/Pk/[CryptPkcs7.c|CryptAuthenticode.c]
which together provide the signature verification capability.
Signed-off-by: Eric DeVolder
---
xen/common/TrustedCert.h | 113
Changes needed to the xen/common/Makefile in order to stitch in the
compiling of OpenSSL as well as the PECOFF file decoder and signature
verification code.
Signed-off-by: Eric DeVolder
---
xen/common/Makefile | 4
1 file changed, 4 insertions(+)
diff --git a/xen/common/Makefile b/xen
the (userland) OpenSSL
source files, as opposed to modifying about 145 source files.
Signed-off-by: Eric DeVolder
---
xen/arch/x86/Rules.mk | 2 +
xen/common/xmalloc_tlsf.c | 25
xen/include/asm-x86/types.h | 2 +
xen/include/xen/types.h | 3 +
xen
of
OpenSSL.
Signed-off-by: Eric DeVolder
---
xen.spec | 78
1 file changed, 78 insertions(+)
diff --git a/xen.spec b/xen.spec
index 4e36f7e..e026f28 100644
--- a/xen.spec
+++ b/xen.spec
@@ -1,5 +1,7 @@
%{!?buildid: %{expand
.
10: Licensing of the various pieces may be problematic.
Note that there is a corresponding change to kexec-tools to
allow/enable the Xen kexec_file_load() hypercall. Those changes
are not part of this change set, but will be posted separately.
Anyway, this does work, for me.
eric
Eric DeVold
This is the Xen compatible makefile for use in building
OpenSSL within Xen.
This file was generated by capturing a "normal" build of
OpenSSL and parsing that build to ensure the correct list of
options and files.
Signed-off-by: Eric DeVolder
---
Makefile.openssl-1.
In reading this and providing feedback, I'm hoping to obtain
community consensus on the following questions:
- Is there interest in this?
- Which approach is favored?
- Are there other approaches/efforts?
- Other concerns/feedback?
Executive Summary
Xen currently lacks signature verification infr
Daniel,
I've implemented your feedback and posted the following:
[PATCH v1] kexec-tools: Tweak run-time handling of libxenctrl.so
Regards,
eric
On 01/18/2018 05:55 AM, Daniel Kiper wrote:
On Wed, Jan 17, 2018 at 10:39:01AM -0600, Eric DeVolder wrote:
When kexec is utilized in
or Xen,
thus these versions are expected to "fail" in a Xen environment.
On the flip side, since a non-Xen environment does not need
libxenctrl.so, all six scenarios are expected to "pass" in a
non-Xen environment. The results match these expectations!
And, of course, import
Responses are inlined below.
Eric
On 01/16/2018 03:39 PM, Daniel Kiper wrote:
On Fri, Jan 12, 2018 at 03:21:13PM -0600, Eric DeVolder wrote:
When kexec is utilized in a Xen environment, it has an explicit
run-time dependency on libxenctrl.so. This dependency occurs
during the configure stage
Daniel,
Thanks for the feedback, see responses inline below.
I've posted v3 of the patch.
Eric
On 12/18/2017 07:43 AM, Daniel Kiper wrote:
On Thu, Dec 14, 2017 at 04:48:01PM -0600, Eric DeVolder wrote:
When kexec is utilized in a Xen environment, it has an explicit
run-time dependen
or Xen,
thus these versions are expected to "fail" in a Xen environment.
On the flip side, since a non-Xen environment does not need
libxenctrl.so, all six scenarios are expected to "pass" in a
non-Xen environment. The results match these expectations!
And, of course, import
x0038d680)
/lib64/ld-linux-x86-64.so.2 (0x562dc0c14000)
# build/sbin/kexec -v
kexec-tools 2.0.16
Currently this feature is enabled with the following:
./configure --with-xen-dl --with-xen=no
This is a bit clunky. I welcome feedback such as better names
and/or usage of --with,
17 matches
Mail list logo